About this Add-on

Winner of the "PC World World Class Award", this tool gives you with the best available protection on the web. It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology. It also implements the DoNotTrack tracking opt-out proposal by default, see https://hackademix.net/2010/12/28/x-do-not-track-support-in-noscript/.Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality... Experts do agree: Firefox is really safer with NoScript ;-)

IMPORTANT: before asking or commenting about the *completely anonymous* request made to https://secure.informaction.com/ipecho on startup, or the those sent to your own WAN IP periodically, please read about the WAN IP protection feature at http://noscript.net/abe/wan (mentioned also in the release notes for 2.0 and in the privacy policy here). If you're in doubt about the full anonymity and total privacy of this feature, just check (or let someone you trust check) the source code here, the file is content/DNS.js. Thanks.

Version Information

Version 2.6.9.20
Released March 31, 2015
546.7 kB
Works with
Firefox 3.0.9 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Development Channel

The Development Channel lets you test an experimental new version of this add-on before it's released to the general public. Once you install the development version, you will continue to get updates from this channel. To stop receiving development updates, reinstall the default version from the link above. Install development version

Caution: Development versions of this add-on have not been reviewed by Mozilla.

Privacy Policy

The NoScript add-on and the noscript.net web site don't collect any personal identifiable data about their users.

The "Site Info" feature, introduced in NoScript 1.9.9.60, provides privacy and security information about web sites shown in the NoScript menu, as soon as user middle-clicks or shift clicks one of them: when activated, after a one-time explanatory prompt, it sends a query containing the site domain to http://noscript.net. Also in this case, the data sent is used only to provide the Site Info page and it's not stored nor shared nor reused.

NoScript 2.0rc5 and above extends its protection against DNS rebinding to those attacks which specifically target your router's external (WAN) IP address. In order to protect it, NoScript needs to detect the WAN IP currently exposed to internet web sites by your HTTP requests: for this purpose, NoScript sends a completely anonymous query to the https://secure.informaction.com/ipecho web service, which provides back this information on a secure channel, typically once a day. Again, no data except the aforementioned WAN IP address travels on the secure channel, and no user data at all is collected, nor stored, nor shared nor reused by InformAction or any other party.This feature, enabled by default, can be disabled by unchecking "NoScript Options|Advanced|ABE|WAN IP ∈ LOCAL".